
Introduction

For the last decade, the use of open source software (OSS) in corporate and government environments has steadily increased, a fact due not only to the significant number of available applications but also to the widespread acknowledgement of the technological and business advantages realized with OSS deployments. Beyond business applications, OSS also has a strong presence in the network security and cyber intelligence world, as innovative and feature-rich cyber tools available as open source distributions are a mainstay in many NOCs, SOCs and enterprise IT security groups.

Network and cyber security professionals, whether managing networks for enterprises or complex federal government agencies, face a constantly evolving world of cyber attacks and threats by criminals and hackers who remain relentless in their determination to compromise targets and access high-value data. However, tight budgets are forcing these companies and agencies to look for ways to meet their information assurance and network security objectives while also containing spending. The result is an increasing demand for economically viable cyber intelligence and network defense capabilities to ensure secure information delivery and assurance in this volatile networking environment.

Fortunately, some of the most innovative cyber security and network traffic analysis solutions are available to companies and government agencies as open source software applications. Adoption of OSS has soared in recent years across a variety of industries and at all levels of government, as corporate executives, agency leaders and key stakeholders increasingly embrace the advantages these applications present over proprietary solutions and self-funded initiatives.

By deploying open source cyber applications, companies and agencies can implement the best solutions for their needs without many of the security, interoperability and cost challenges associated with proprietary or in-house developed tools. This white paper explores some key benefits to companies and agencies when open source applications are deployed to enhance cyber security and network awareness. In addition to offering a list of commonly deployed applications, the paper also discusses the improvements in flexibility, agility and solution stability, as well as the potential reduction in total cost of ownership, that come with open source solutions.

1. Protection Tools for Government and Company Networks

Figure: Open source cyber security applications deployed across multiple locations (Location #1, #2 and #3) on classified or private and unclassified or public networks connected to the Internet. Network characteristics shown: classified and unclassified (or public) networks; single and/or multiple locations; legitimate and malicious users; internal and external threats. Open source applications shown: Argus, Barnyard2, Bro, nprobe, ntop, SiLK, SNORT, Suricata, TCPdump, YAF. A high-performance networking device capable of aggregating multiple cyber applications on a single platform: Intrusion Detection & Prevention, Network Flow Analysis, Monitoring & Surveillance.

For example, open source network flow recording and analysis tools, like YAF and SiLK, can provide network security and cyber analysts with comprehensive visibility into the network protocols and data traversing the network, presenting an all-inclusive view of the network environment, network users and bandwidth trends. By recording and analyzing network flows, YAF and SiLK can help identify and report policy violations as well as viruses, worms, botnets, malware and other vulnerabilities.

As seen above, open source software for cyber operations is widely available for corporate and government use. However, companies and agencies must carefully select the appropriate host processing platform(s) to meet network security and bandwidth requirements; usually these applications function best when integrated with a high-performance platform that is optimized for packet processing applications.

2. Empowering Cyber Operations with Flexibility and Agility

Given the continually changing landscape of cyber threats, cyber teams need flexibility, control and oftentimes scalability over the form, fit and function of network security solutions. However, rather than enabling teams with customized solutions that are best suited to their objectives, proprietary products can create vendor dependency, locking the group into costly products with pricey licensing agreements. Unfortunately, once locked in to a single-vendor solution, the switching costs to more flexible, value-added solutions may be high.

Open source software based solutions eliminate vendor lock-in and dependency. Instead of relying on one specific vendor, cyber security professionals have access to a wide range of best-of-breed technologies and are freed from dependency on (and the risk of) a single vendor for upgrades, security patches and other enhancements. Similarly, government-off-the-shelf (GOTS) solutions afford agencies a high level of direct control over product specifications and can be freely shared among agencies; however, these applications require dedicated software programmers and can be costly to modify and maintain. Modular open source systems allow programmers and cyber analysts to adapt key features or add new capabilities when needed, rapidly developing and deploying customized applications to address their specific challenges. Open source allows these cyber professionals to tailor existing open source code, minimizing the time and money needed to create a custom solution.

3. Bolstering Security and Innovation

Open source users can count on a large and active community that offers best practices in network security, cyber intelligence and information assurance. This community presents a significant pool of knowledge and resources that cyber operations managers can tap for fresh ideas, a variety of opinions and reliable insight, as opposed to relying on a single vendor source.

The open source user community is particularly beneficial when it comes to one of the most pressing concerns for large corporations and government agencies: cyber security. For these mission-critical and often highly sensitive networks, security vulnerabilities are not an option. Fortunately, access to open source program blueprints enhances security while also promoting continuous product improvement. User communities are constantly testing and validating open source software. When security patches are required, the open source community responds rapidly to fix the bugs, developing fixes for security vulnerabilities, sharing code patches and continually refining and refreshing software, ensuring that open source solutions continuously evolve and improve. This open source community approach enhances security, since vulnerabilities are quickly identified and remedied before they can be exploited. In other words, cyber security vulnerabilities are minimized when thousands of experienced programmers have the opportunity to independently view, modify and validate the blueprint.

4. Doing More with Less

A perennial challenge for cyber operations and IT managers is making the most of tight budgets in networking environments where they lack the human and financial resources required to keep up with the software changes, equipment upgrades, licensing fees and maintenance costs that come with closed or proprietary technologies.

Open source software has a lower total cost of ownership (TCO) than closed solutions, and enables companies and government agencies to develop and deploy scalable applications at a fraction of the time and cost of proprietary software. Often, open source solutions are available for free, with technical support in the form of ongoing patches and upgrades provided by the community at large. In addition, further reductions in operating expenditures can be realized by utilizing a high-performance cyber application platform that allows multiple open source applications to run simultaneously on common data streams without impacting performance.

5. Supporting Collaboration and Interoperability

With open source, IT managers and cyber operations teams can share critical information among and within peer divisions and agencies. Open source makes it easier for groups to collaborate among themselves and with commercial solution providers, and to provide any necessary external access to resources and information. For example, companies and government agencies can configure some open source cyber security applications to import real-time threat intelligence or policy updates from commercial data feeds, thereby implementing a continuously updated network security solution.

Bivio Networks: Optimizing Open Source Applications with High-Performance Infrastructure

To optimally support open source network security applications with minimal porting effort, large companies and government agencies need a robust and reliable network infrastructure that can process the deep packet inspection and analysis functions of cyber applications at network speeds from multi-gigabit to over 40 Gbps on a single platform. To this end, Bivio Networks cyber security application platforms have many flexible and agile configuration options that allow the system to be scaled for throughput and performance across a wide range of packet processing workloads. This architecture is uniquely suited to support the deep packet processing capabilities of a variety of open source applications and services. Leveraging Bivio's carrier-grade platforms, companies and government agencies achieve dramatic increases in the performance of open source applications.

The Bivio platform is specifically designed to host and manage multiple open source applications on a tightly integrated system. This capability enables network managers and cyber analysts to run multiple security applications in parallel on a shared platform to improve network security posture without compromising system throughput and performance. For example, a single platform could host Suricata along with Argus to deploy both a high-speed network IDS/IPS and a bi-directional flow analysis engine as a consolidated cyber solution. The consolidation of multiple applications on the platform also simplifies system management through a single, efficient, Linux-based interface. This simplified management can reduce the learning curve for users and help reduce system downtime, human error or data loss, so that analysts can focus on core network and cyber monitoring tasks.

This same architecture further enables the platform to deliver unprecedented performance in a single system for processor-intensive open source applications such as the Bro Network Security Monitor. Rather than using a cluster of separate servers, the Bivio platform effectively integrates the equivalent processing performance into a less complex, more compact and simpler to manage cyber security system.

Get Ahead with Open Source

Budget and security considerations often keep companies and government agencies from getting ahead of the curve when it comes to advancing their networks in support of unique objectives. But with open source software, cyber teams can more readily implement the applications that are best suited to mitigate network security threats, facilitate collaboration and adapt to evolving network requirements without the restrictions of proprietary or self-funded initiatives. Corporations, government agencies and educational institutions are increasingly recognizing that, when deployed on high-performance cyber application platforms like Bivio's, the benefits of open source are many, and are moving forward to deploy open source applications to lower costs, promote and encourage innovation and safeguard their networks. For more information on how your cyber team can get ahead with open source applications and Bivio platform solutions, please visit

About Bivio Networks

Founded in 2000, Bivio Networks is dedicated to providing leading networking products that enable government agencies and service providers to control, monitor and secure critical network infrastructure. A leader in cyber intelligence, cyber security and network control solutions, Bivio has deployed its products in a wide range of environments. Bivio's global customer base includes leading defense department and intelligence agencies, service providers and enterprises. Bivio is privately held and is headquartered in the San Francisco Bay Area. More information is available at

Bivio Networks, Inc
Willow Road, Suite 240
Pleasanton, California
Phone:
Fax:

Bivio Networks, Inc. All rights reserved. The Bivio logo, BiviOS, Bivio 7000 Series, and Bivio 8000 Series are trademarks or registered trademarks of Bivio Networks, Inc. All other company and product names may be trademarks of their respective owners. Bivio Networks may make changes to specifications and product descriptions at any time, without notice.
